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DETAILED ACTION 

1. Claims 34, 36-49, 51-64 and 66-78 are presented for examination; claims 1-33 are 
non-elected and/or withdrawn. 

Election/Restrictions 

2. Claims 1-33 are withdrawn from further consideration pursuant to 37 CFR 
1.142(b) as being drawn to a nonelected invention, there being no allowable generic or 
linking claim. Election was made without fraverse in the reply filed on 09/28/2007. 

Response to Arguments 

Regarding argument the 101 rejection for claims 49, and 51-63 not being proper and/or 
applicant's argument wherein "each of the rejected claims contains elements as a means 
for performing specified functions, in accordance with 35 USC 1 12, and therefore recites 
a statutory apparatus," is not persuasive because the means plus functions are not tangible 
and/or the specification does not specifically describe the structures of that perform the 
means plus fiinctions as being implemented by hardware structure. For instance, the 
specification also describes, on page 8 lines 13-page 9 lines 20 the means for retrieving, 
generating and transmitting as software. Therefore the rejection is proper and is 
maintained. 

Applicant's art arguments with respect to claims 34, 36-49, 51-64 and 66-78 have been 
considered but are moot in view of the new ground(s) of rejection. 



Claim Rejections - 35 USC § 1 Ol 
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3. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or 
composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to 
the conditions and requirements of this title. 

4. Claim 49, and 5 1-63 are rejected under 35 U.S.C. 101 because it is directed to 
non-statutory subject matter as failing to fall within a statutory category and as being 
directed to software per se (although the preamble of claim 1 recites a "An apparatus" it 
does not inherently mean that the claim is directed to a machine). The specification also 
describes, on page 8 lines 13 -page 9 lines 20 the means for retrieving, generating and 
transmitting as software. Therefore, claims 49, and 51-63 are software per se. See MPEP 
2106. 

Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

6. Claims 34, 38-44, 49, 53-59, 64, and 68-74 rejected under 35 U.S.C. 103(a) as 
being unpatentable over lijima USPN 5225664 in view of Ho et al. US PG Pubs 
20030143989 Al and Caci et al. US Pub. 2007/0145125 Al. 

Regarding claims 34, 49 and 64, lijima discloses a method/apparatus of authenticating a 
hardware token (IC card 1) for operation with a host (terminal device 8), comprising the 

steps of: 
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retrieving a value X (col. 4 lines 42-64; C2X) from a memory accessible to an 
authenticating entity, the value X generated from a computer fingerprint F {internal data 
NNNNN) of the host (col. 4 lines 42-50 and col. 3 lines 64-67) and an identifier P 
securing access to the token, wherein the host fingerprint F is computed at least in part 
from host information C (col. 4 lines 42-49 and col. 4 lines 21-26; internal data 
NNNNN,... random number... card number/SN); 

generating the identifier P at least in part from the value X and the fingerprint F 
(col. 4 lines 55-63 and lines 42-49; C2 is generated by encrypting random data B using 
key data NNNNN); and 

transmitting the generated identifier P to the token to authenticate the token for 
operation with the host (col. 4 lines 64-col. 5 lines 23; C2 is transmitted to IC card for 
authentication). 

lijima fails to disclose regenerating the same identifier value P at least in part 
from the value X and the fingerprint F and fransmitting the regenerated identifier P. 

However Ho et al. discloses generating a new same identifier based on received 
information and comparing the new identifier with received identifier and communicating 
based on comparing resuh (see par. 26, claim 27 and fig. 3 element 320, 370, 380, and 
395). 

Therefore it would have been obvious to one having ordinary skill in the art at the 
time of the invention was made to modify the teachings of Ho et al. within the system of 
lijima because they are analogous in authentication. One would have been motivated to 
modify the teachings to provide proper access based on authentication. 
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The combination of lijima and Ho et al. fail to explicitly disclose wherein 
retrieving a value X from a memory separate from the token accessible to an 
authenticating entity, the value X generated from a non-varying computer fingerprint F 
of the host and an identifier P securing access to the token, wherein the host fingerprint F 
is computed at least in part from non- varying host information C based on a unique 
characteristic of the host. 

However Caci et al. discloses The combination of lijima and Ho et al. fail to 
explicitly disclose wherein retrieving a value X from a memory separate from the token 
accessible to an authenticating entity, the value X generated from a non-yarying 
computer fingerprint F of the host and an identifier P securing access to the token, 
wherein the host fingerprint F is computed at least in part from non-varying host 
information C based on a unique characteristic of the host (see par. 51-54, claim 1 
and fig. 8 and 11). 

Therefore it would have been obvious to one having ordinary skill in the art at the 
time of the invention was made to modify the teaching of Caci et al. within the 
combination system because they are analogous in authentication. One would have been 
motivated to incorporate the teachings to secure the data. 

Regarding claims 38, 53 and 68, lijima discloses the method/apparatus, wherein the value 
X is computed in the token (col. 4 lines 42-49). 

Regarding claims 39, 54 and 69, lijima discloses the method/apparatus, wherein the value 
X is computed according to X=f(P,F), wherein f(P,F) is a reversible function such that 
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f(f(P,F),F)=P (col. 3 lines 56-col. 4 lines 64). 
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Regarding claims 40, 55 and 70, lijima discloses the method/apparatus, wherein f(P,F) 
comprises P XOR F (col. 3 lines 56-col. 4 lines 64). 

Regarding claims 41, 56 and 71, lijima discloses the method/apparatus, wherein the value 
X is further computed at least in part from a user identifier U (col. 2 lines 43-62). 

Regarding claims 42, 57 and 72, lijima discloses the method/apparatus, wherein the value 
X is computed according to X=f(P,U,F), wherein f(P,U,F) is a reversible function such 
that f(f(P,U,F),U,F)=P (col. 3 lines 56-col. 4 lines 64). 

Regarding claims 43, 58 and 73, lijima discloses the method/apparatus, wherein 
f(P,U,F) is P XOR U XOR F (col. 3 lines 56-col. 4 lines 64). 

Regarding claims 44, 59 and 74, lijima discloses the method/apparatus, wherein: the 
authorizing entity is a host computer communicatively coupleable to the token; and the 
value X is stored in the host computer (fig. 1 elements 1 and 8). 

7. Claims 45-48, 60-63, and 75-78 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over lijima USPN 5225664, Ho et al. US PG Pubs 20030143989 Al and 
Caci et al. US Pub. 2007/0145125 Al and further in view of Miura USPN 6952775 
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Bl. 

Regarding claims 45, 60 and 75, lijima fails to disclose hashing. However Miura 
discloses the method/apparatus of IC card 103 authentication (see fig. 1) and the 
authentication comprising hashing multiple entity's personal information (see fig. 6-7), 
storing the computed hash value (col. 2 lines 64-col. 3 lines 7). Therefore it would have 
been obvious to one having ordinary skill in the art at the time of the invention was made 
to modify the teachings of Miura within the combination system to compute a hash value 
of value X because computing a hash value of authenticating data is well known at the 
time of the invention for authentication. 



Regarding claims 46, 61 and 76, Miura discloses the method/apparatus of IC card 103 
authentication (see fig. 1) and the authentication comprising hashing multiple entity's 
personal information (see fig. 6-7), storing the computed hash value (col. 2 lines 64-col. 3 
lines 7). Therefore it would have been obvious to one having ordinary skill in the art at 
the time of the invention was made to modify the teachings of Miura within the 
combination system to compute a hash value of in part from the fingerprint F; and 
retrieving the value X associated with the reference value H because computing a hash 
value of authenticating data is well known at the time of the invention for authentication. 



Regarding claims 47, 62 and 77, Miura discloses the method/apparatus of IC card 103 
authentication (see fig. 1) and the authentication comprising hashing multiple entity's 
personal information (see fig. 6-7), storing the computed hash value (col. 2 lines 64-col. 3 
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lines 7). Therefore it would have been obvious to one having ordinary skill in the art at 
the time of the invention was made to modify the teachings of Miura within the 
combination system to compute a hash value of in part from the fingerprint F; and 
retrieving the value X associated with the reference value H because computing a hash 
value of authenticating data is well known at the time of the invention for authentication. 

Regarding claims 48, 63 and 78, Miura discloses the method/apparatus of IC card 103 
authentication (see fig. 1) and the authentication comprising hashing multiple entity's 
personal information (see fig. 6-7), storing the computed hash value (col. 2 lines 64-col. 3 
lines 7). Therefore it would have been obvious to one having ordinary skill in the art at 
the time of the invention was made to modify the teachings of Miura within the 
combination system to compute a hash value of in part from the fingerprint F; and 
retrieving the value X associated with the reference value H because computing a hash 
value of authenticating data is well known at the time of the invention for authentication. 

8. Claims 36-37, 51-52, and 66-67 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over lijima USPN 5225664, Ho et al. US PG Pubs 20030143989 Al and 
Caci et al. US Pub. 2007/0145125 Al and further in view of Ayyagari et al. 
2003/0208677. 

Regarding claims 36, 5 1 and 66, lijima teaches wherein the host fingerprint F is 
computed at least in part from host information C (see col. 3 lines 56-col. 4 lines 64) but 
fails to disclose wherein the host fingerprint F is computed at least in part from a server 
specific value V. However Ayyagari et al. discloses identifier information comprising a 
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concatenated hardware address of the access server and a hardware address of a client. 
There fore it would have been obvious to one having ordinary skill in the art at the time 
of the invention was made to modify the teachings of Ayyagari et al. with in the 
combination system because they are analogous in authentication. One would have been 
motivated to incorporate the teachings to include the remote server within the 
authentication. 

Regarding claims 37, 52 and 67, lijima teaches wherein the host fingerprint F is 
computed at least in part from host information C and a fixed string Z (see col. 3 lines 56- 
col. 4 lines 64) but fails to disclose wherein the host fingerprint F is computed at least in 
part from a server specific value V and a fixed string Z. However Ayyagari et al. 
discloses identifier information comprising a concatenated hardware address of the access 
server and a hardware address of a client. Therefor it would have been obvious to one 
having ordinary skill in the art at the time of the invention was made to modify the 
teachings of Ayyagari et al. with in the combination system because they are analogous 
in authentication. One would have been motivated to incorporate the teachings to include 
the remote server within the authentication. 

Conclusion 

9. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 
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A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS fi-om the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated fi-om the mailing date of the 
advisory action. In no event, however, will the statutory period for reply expire later than 
SIX MONTHS from the date of this final action. 

10. Any inquiry concerning this communication or earlier communications fi-om the 
examiner should be directed to Eleni A. Shiferaw whose telephone number is 571-272- 
3867. The examiner can normally be reached on Mon-Fri 8:00am-5:00pm. 

If attempts to reach the examiner by telephone are unsuccessfiil, the examiner's 
supervisor, Nasser R. Moazzami can be reached on (571) 272-4195. The fax phone 
number for the organization where this application or proceeding is assigned is 571-273- 
8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO 
Customer Service Representative or access to the automated information system, call 
800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Eleni A Shiferaw/ 
Examiner, Art Unit 2436 



/Nasser G Moazzami/ 

Supervisory Patent Examiner, Art Unit 2436 



